TWI759138B - Threshold signature scheme system based on inputting password and method thereof - Google Patents
Description
The invention relates to a signature system and method, and in particular to a threshold signature system and method based on an input password.
In recent years, with the spread and rapid development of blockchain, improvements to blockchain technology have appeared in large numbers. Among these, the security of blockchain wallets has drawn the most attention.
Generally speaking, blockchain-based digital currencies are traded and signed through a blockchain wallet. A traditional blockchain wallet stores at least one key pair (a public key and a private key) so that, at transaction time, the private key can be used to sign the transaction, proving that the signer is the legitimate owner of the digital currency and allowing the transaction to be executed. Therefore, in an era in which the value of these digital currencies keeps rising, ensuring the security of the blockchain wallet is especially important. The traditional approach of storing the complete key pair directly in the blockchain wallet is insufficiently secure, because the key pair is easily stolen or leaked.
In view of this, some vendors have proposed splitting the private key with a secret sharing algorithm and storing the pieces separately. The secret sharing algorithm splits the private key into multiple shares (Share), and when the number of shares meets the threshold, a signature in the required signature format is produced directly from these shares by mathematical operations, without ever reassembling the private key, thereby reducing the risk of private key leakage. However, this approach suffers from inconvenient management and poor security. For example, when it is executed by a web application, the share is usually stored in a cookie, whose security is extremely low. In addition, when the device carrying the blockchain wallet (such as a computer or smartphone) is lost, the share may be extracted by brute force; although losing a single share is not enough to produce a signature, a risk remains. Moreover, when a private-key share is transmitted from outside to the host, only HTTPS encryption protects it, and phishing or various network attacks may well expose the share. On the other hand, physically holding a share is a management burden: to be able to transact at any time, the share must be carried around, which instead increases the probability of loss or leakage. Therefore, this approach still fails to effectively solve the problems of insufficient transaction security and management convenience in blockchain wallets.
In summary, the prior art has long suffered from insufficient transaction security and management convenience in blockchain wallets, so improved technical means are needed to solve this problem.
The invention discloses a threshold signature system and method based on an input password.
First, the invention discloses a threshold signature system based on an input password, applied to a blockchain network comprising multiple nodes. The system comprises a fair-end host, a client host and a server host. The fair-end host, as one of the nodes, assigns distinct X coordinates and level values to the nodes in advance. The client host, as one of the nodes, receives the X coordinate and level value assigned by the fair-end host and comprises a first generation module, a second generation module and a first operation module. The first generation module allows a password to be entered and a b value to be chosen at random, multiplies the value obtained by feeding the password into the first hash function by the b value to generate a P value, and transmits it. The second generation module is connected to the first generation module; it receives a V value and feeds the password, the P value, and the product of the reciprocal of the b value and the V value into the second hash function, taking the resulting integer as the password share held by the client host and corresponding to the password. The first operation module is connected to the second generation module and executes a distributed key generation function based on secure multi-party computation (MPC): it feeds the t value and n value of the threshold signature and the level value of the client host into the distributed key generation function to generate the client share of the client host and the corresponding threshold signature public key, where the client share equals the password share. Next, the server host, as one of the nodes, receives the X coordinate and level value assigned by the fair-end host and comprises a key module, a second operation module and a storage module. After receiving the P value, the key module generates an asymmetric private key and its corresponding public key, randomly chooses a k value, takes the product of the k value and the P value as the V value, and transmits the public key and the V value to the client host. The second operation module executes the distributed key generation function based on secure multi-party computation, feeding the t value and n value of the threshold signature and the level value of the server host into the distributed key generation function to generate the server share of the server host, corresponding to the threshold signature public key. The storage module is connected to the key module and the second operation module and stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host. When the client host and the server host execute a threshold signature, the client host prompts for the password and randomly chooses a new b value, multiplies the value obtained by feeding the entered password into the first hash function by the newly chosen b value to regenerate the P value, and transmits the regenerated P value to the server host; the server host recomputes the V value and transmits it to the client host; the client host then feeds the password, the regenerated P value, and the product of the reciprocal of the newly chosen b value and the recomputed V value into the second hash function to regenerate the client share of the client host; and the threshold signature on the transaction hash message is executed with the client share regenerated by the client host and the server share stored by the server host.
In addition, the invention discloses a threshold signature method based on an input password, applied to a blockchain network comprising multiple nodes. The steps comprise: providing a fair-end host, a client host and a server host as nodes of the blockchain network, where the client host and the server host are each assigned a corresponding X coordinate and level value in advance by the fair-end host; the client host allows a password to be entered and a b value to be chosen at random, multiplies the value obtained by feeding the password into the first hash function by the b value to generate the P value, and transmits this P value to the server host; after receiving the P value, the server host generates an asymmetric private key and its corresponding public key, randomly chooses a k value, takes the product of the k value and the P value as the V value, and transmits the public key and the V value to the client host; after receiving the V value, the client host feeds the password, the P value, and the product of the reciprocal of the b value and the V value into the second hash function, taking the resulting integer as the password share held by the client host and corresponding to the password; the client host and the server host execute the distributed key generation function with secure multi-party computation, feeding the t value and n value of the threshold signature and their respective level values into the distributed key generation function to generate the client share of the client host and the server share of the server host, where the client share equals the password share, and generating the threshold signature public key corresponding to the client share and the server share; the server host stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host; and, when a threshold signature is executed, the client host prompts for the password and randomly chooses a new b value, multiplies the value obtained by feeding the entered password into the first hash function by the newly chosen b value to regenerate the P value, and transmits the regenerated P value to the server host; the server host recomputes the V value and transmits it to the client host; the client host then feeds the password, the regenerated P value, and the product of the reciprocal of the newly chosen b value and the recomputed V value into the second hash function to regenerate the client share of the client host; and the threshold signature on the transaction hash message is executed with the client share regenerated by the client host and the server share stored by the server host.
The system and method disclosed by the invention differ from the prior art in that the fair-end host assigns X coordinates and level values to the client host and the server host, and, after a password is set on the client host, the client host and the server host execute a distributed key generation function based on secure multi-party computation to generate, from the password, the X coordinates and the level values, a share corresponding to the password, which is stored on the server host. When a threshold signature is executed, entering the password on the client host is enough to regenerate the share corresponding to the password on the client host, and the threshold signature is executed jointly with the share stored on the server host.
Through the above technical means, the invention achieves the technical effect of improving the transaction security and management convenience of blockchain wallets without generating a private key.
The embodiments of the invention are described in detail below with reference to the drawings and examples, so that the way the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and put into practice.
Before the threshold signature system and method based on an input password are described, the application environment is explained first. The invention is applied in a blockchain network in which each node can perform secure multi-party computation, exchanging data and computation results with the other nodes in order to execute a threshold signature. Next, the terms defined by the invention are explained. The first hash function is a function that generates an element of an elliptic curve group from a string or byte array; the second hash function is a function that generates an integer from a string or byte array. The share (Share) referred to in the invention is an element produced when different nodes exchange data and computation results with one another during secure multi-party computation; this element can be used to compute a signature in the signature format of the Elliptic Curve Digital Signature Algorithm (ECDSA). A share generated from the password is called the "password share", a share held by the client host is called the "client share", and a share held by the server host is called the "server share".
The threshold signature system and method based on an input password are further described below with reference to the drawings. Refer first to Fig. 1, a block diagram of the threshold signature system based on an input password according to the invention, applied to a blockchain network 100 comprising multiple nodes. The system comprises a fair-end host 110, a client host 120 and a server host 130. The fair-end host 110, as one of the nodes, assigns distinct X coordinates and level values to the nodes in advance. For example, the fair-end host 110 may assign the client host 120 the X coordinate 3 and the level value 0, and assign the server host 130 the X coordinate 5 and the level value 0. In addition, the client host 120 and the server host 130 may perform two-factor authentication (2FA) to verify the identity of the trader, further increasing transaction security.
The client host 120, as one of the nodes, receives the X coordinate and level value assigned by the fair-end host 110 and comprises a first generation module 121, a second generation module 122 and a first operation module 123. The first generation module 121 allows a password to be entered and a b value to be chosen at random, multiplies the value obtained by feeding the password into the first hash function by the b value to generate the P value, and transmits it. For example, if the user enters the password "password" and the randomly chosen b value is 8, the P value is computed as "Hash(password) * 8", where "Hash()" denotes the first hash function and "Hash(password)" is a point on the elliptic curve.
The second generation module 122 is connected to the first generation module 121; it receives the V value from the server host 130 and feeds the password, the P value, and the product of the reciprocal of the b value and the V value into the second hash function, taking the resulting integer as the password share held by the client host and corresponding to the password. Whereas the first generation module 121 uses the first hash function, the second generation module 122 uses the second hash function to compute the share corresponding to the password (the password share "share-pw"); that is, the password share is computed as "Hash'(password, P, 8^-1 * V)", where "Hash'()" is the second hash function, "password" is the password, "P" is the P value, "8^-1" is the reciprocal of the b value, and "V" is the V value received from the server host 130. In practice, the client host 120 may also receive the public key from the server host 130 and use it to encrypt its own password, so that the encrypted password can be stored on a cloud drive as a backup. Then, if the user forgets the password, the corresponding private key can be requested from the server host 130 to decrypt the backup and recover the password.
The first operation module 123 is connected to the second generation module 122 and executes a distributed key generation function based on secure multi-party computation, feeding the t value and n value of the threshold signature and the level value of the client host into the distributed key generation function to generate the client share of the client host and the corresponding threshold signature public key, where the client share equals the password share. In practice, the t value of the threshold signature is the threshold and the n value is the number of nodes participating in the signing computation. For example, when the nodes participating in the threshold signature are the client host 120 and the server host 130, there are only two hosts, so the n value is 2. When the t value is 2, at least two hosts holding matching shares (in this example, the client host 120 and the server host 130) are needed to complete a signature.
Next, the server host 130, as one of the nodes, receives the X coordinate and level value assigned by the fair-end host 110 and comprises a key module 131, a second operation module 132 and a storage module 133. After receiving the P value, the key module 131 generates an asymmetric private key and its corresponding public key, randomly chooses a k value, takes the product of the k value and the P value as the V value, and transmits the public key and the V value to the client host. The k value is chosen at random in the same way that the client host 120 chooses the b value. Assuming the k value is 100, the P value received from the client host 120 is multiplied by the k value to obtain the V value, i.e. "V = 100 * P", and the generated public key and the V value are then transmitted to the client host 120.
The second operation module 132 executes the distributed key generation function based on secure multi-party computation, feeding the t value and n value of the threshold signature and the level value of the server host into the distributed key generation function to generate the server share of the server host, corresponding to the threshold signature public key. In practice, the t value, the n value and the level value of the server host are fed into the distributed key generation function mainly in order to choose a suitable first polynomial. The distributed key generation function executed with secure multi-party computation comprises the following steps:
1. The client host 120 and the server host 130 exchange their X coordinates. Assuming the X coordinate of the client host 120 is 3 and that of the server host 130 is 5, after the exchange the client host 120 knows the X coordinate of the server host 130 and, likewise, the server host 130 knows the X coordinate of the client host 120.
2. The client host 120 randomly chooses a first polynomial according to the t value, n value and level value, and the server host randomly chooses a second polynomial according to the t value, n value and level value; the degree of both the first and the second polynomial is the t value minus 1. The X coordinate of the client host 120 is substituted into the first polynomial and into the second polynomial to compute the first polynomial value and the second polynomial value respectively (that is, the client host 120 substitutes its own X coordinate into the first polynomial, and the server host 130 substitutes the X coordinate of the client host 120 into the second polynomial). The randomly chosen first polynomial must satisfy that the first polynomial value equals the password share, and the randomly chosen second polynomial must satisfy that the second polynomial value is zero. In other words, if the first polynomial is "f_user(x)" and the second polynomial is "f_server(x)", then "f_user(3) = share-pw" and "f_server(3) = 0".
3. The client host 120 and the server host 130 each substitute their own X coordinate into the polynomial they chose (the first or the second polynomial) to compute the corresponding third polynomial value, and substitute the other party's X coordinate into their own polynomial to compute the corresponding fourth polynomial value; the client host 120 transmits its computed fourth polynomial value "f_user(5)" to the server host 130. Note that because the second polynomial must give a second polynomial value of zero, the value the server host 130 would transmit is always zero. Therefore, in this step the server host 130 need not transmit the known value zero to the client host 120; it suffices for the client host 120 to transmit "f_user(5)" to the server host 130. In the example above, the client host 120 obtains "f_user(3)", and the server host obtains "f_user(5)" and "f_server(5)". That is, the third polynomial value is the value obtained by substituting one's own X coordinate into one's own polynomial: the third polynomial value of the client host 120 is "f_user(3)" and that of the server host 130 is "f_server(5)". The fourth polynomial value is the value obtained by substituting the other party's X coordinate into one's own polynomial: the fourth polynomial value of the server host 130 is "f_server(3)" and that of the client host 120 is "f_user(5)".
4. The client host 120 and the server host 130 each substitute zero into their own polynomial (the first or the second polynomial) to compute the corresponding fifth polynomial value, multiply their fifth polynomial value by the base point "G" of the elliptic curve group to compute the corresponding exchange value, generate zero-knowledge proofs corresponding to the password share and the server share, and exchange them. For example, the client host 120 computes "f_user(0) * G" and the server host 130 computes "f_server(0) * G"; after the exchange, the client host 120 holds "f_server(0) * G" and the server host 130 holds "f_user(0) * G". At this point the client host 120 holds "f_user(3)" and "f_server(0) * G", and the server host 130 holds "f_user(5)", "f_server(5)" and "f_user(0) * G".
5. The client host 120 sets its own third polynomial value as the client share, and the server host 130 adds its own third polynomial value to the received fourth polynomial value to compute the corresponding server share; the zero-knowledge proofs are verified, and the threshold signature public key corresponding to the client share and the server share is computed from the exchange values and the Birkhoff coefficients of the client host 120 and the server host 130. For example, the client host 120 sets "f_user(3)" as the client share, which equals the password share "share-pw", and the server host 130 adds "f_user(5)" and "f_server(5)" to obtain the server share "s_server". The public key is computed as "b_user f_user(0) * G + b_server f_server(0) * G", where b denotes a Birkhoff coefficient.
The storage module 133 is connected to the key module 131 and the second operation module 132 and stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host 130 and the client host 120. In practice, the storage module 133 may be implemented with a hard disk, an optical disc, non-volatile memory, a database, and so on.
It should be added that, because the client host 120 does not need to store any data, when the client host 120 and the server host 130 execute a threshold signature, the client host 120 prompts for the password and randomly chooses a new b value, multiplies the value obtained by feeding the entered password into the first hash function by the newly chosen b value to regenerate the P value, and transmits the regenerated P value to the server host 130; the server host 130 recomputes the V value and transmits it to the client host 120; the client host 120 then feeds the password, the regenerated P value, and the product of the reciprocal of the newly chosen b value and the recomputed V value into the second hash function to regenerate the client share of the client host 120; and the threshold signature on the transaction hash message is executed with the client share regenerated by the client host 120 and the server share stored by the server host 130.
It should be noted that, in practice, the modules described in the invention may be implemented in various ways, including software, hardware or any combination thereof; for example, in some embodiments each module may be implemented with software, hardware, or either one of them. The invention may also be implemented partially or entirely in hardware; for example, one or more modules of the system may be implemented with an integrated circuit chip, a system on chip (SoC), a complex programmable logic device (CPLD), a field programmable gate array (FPGA), and so on. The invention may be a system, a method and/or a computer program. The computer program may include a computer-readable storage medium carrying computer-readable program instructions for causing a processor to implement the various aspects of the invention. The computer-readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device, and may be, but is not limited to, an electrical, magnetic, optical, electromagnetic or semiconductor storage device, or any suitable combination of these. More specific examples (a non-exhaustive list) of computer-readable storage media include a hard disk, random access memory, read-only memory, flash memory, an optical disc, a floppy disk, and any suitable combination of these. A computer-readable storage medium as used here is not to be construed as a transient signal per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (for example, light pulses through a fibre-optic cable), or electrical signals transmitted through a wire. The computer-readable program instructions described here may be downloaded from a computer-readable storage medium to the respective computing/processing devices, or to an external computer device or external storage device over a network such as the Internet, a local area network, a wide area network and/or a wireless network. The network may include copper transmission cables, optical fibre transmission, wireless transmission, routers, firewalls, switches, hubs and/or gateways. A network card or network interface in each computing/processing device receives the computer-readable program instructions from the network and forwards them for storage in the computer-readable storage medium of that computing/processing device. The computer program instructions that carry out the operations of the invention may be assembly instructions, instruction set architecture instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, or source code or object code written in any combination of one or more programming languages, including object-oriented languages such as Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby and PHP, and conventional procedural languages such as C or similar languages. The computer program instructions may execute entirely on a computer, partly on a computer, as a stand-alone piece of software, partly on a client computer and partly on a remote computer, or entirely on a remote computer or server.
Refer to Fig. 2A and Fig. 2B, flowcharts of the threshold signature method based on an input password according to the invention, applied to a blockchain network 100 comprising multiple nodes. The steps are: providing a fair-end host 110, a client host 120 and a server host 130 as nodes of the blockchain network 100, where the client host 120 and the server host 130 are each assigned a corresponding X coordinate and level value in advance by the fair-end host 110 (step 211); the client host 120 allows a password to be entered and a b value to be chosen at random, multiplies the value obtained by feeding the password into the first hash function by the b value to generate the P value, and transmits this P value to the server host 130 (step 212); after receiving the P value, the server host 130 generates an asymmetric private key and its corresponding public key, randomly chooses a k value, takes the product of the k value and the P value as the V value, and transmits the public key and the V value to the client host 120 (step 213); after receiving the V value, the client host 120 feeds the password, the P value, and the product of the reciprocal of the b value and the V value into the second hash function, taking the resulting integer as the password share held by the client host 120 and corresponding to the password (step 214); the client host 120 and the server host 130 execute the distributed key generation function with secure multi-party computation, feeding the t value and n value of the threshold signature and their respective level values into the distributed key generation function to generate the client share of the client host 120 and the server share of the server host 130, where the client share equals the password share, and generating the threshold signature public key corresponding to the client share and the server share (step 215); the server host 130 stores the server share, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host 130 and the client host 120 (step 216); and, when a threshold signature is executed, the client host 120 prompts for the password and randomly chooses a new b value, multiplies the value obtained by feeding the entered password into the first hash function by the newly chosen b value to regenerate the P value, and transmits the regenerated P value to the server host 130; the server host 130 recomputes the V value and transmits it to the client host 120; the client host 120 then feeds the password, the regenerated P value, and the product of the reciprocal of the newly chosen b value and the recomputed V value into the second hash function to regenerate the client share of the client host 120; and the threshold signature on the transaction hash message is executed with the client share regenerated by the client host 120 and the server share stored by the server host 130 (step 217). Through these steps, the fair-end host 110 assigns X coordinates and level values to the client host 120 and the server host 130, and, after a password is set on the client host 120, the client host 120 and the server host 130 execute the distributed key generation function based on secure multi-party computation to generate, from the password, the X coordinates and the level values, a share corresponding to the password, which is stored on the server host 130; when a threshold signature is executed, entering the password on the client host 120 is enough to regenerate the share corresponding to the password on the client host 120, and the threshold signature is executed jointly with the share stored on the server host 130.
The following describes an embodiment with reference to Fig. 3 and Fig. 4. Refer first to Fig. 3, a schematic diagram of applying the invention to setting a password and entering a password for signing on the client host. Initially, the fair-end host 110 assigns each node participating in the computation an X coordinate and a corresponding level value; for example, the client host 120 is assigned the X coordinate 3 and the level value 0, and the server host 130 is assigned the X coordinate 5 and the level value 0.
The client host 120 allows the user to enter a custom password in the input block 310 of the generation window 300 to generate the corresponding share. When the user clicks the generate-share button 320, the client host 120 randomly chooses a number (the b value), for example 8. The client host then computes the P value, e.g. "P = Hash(password) * 8", where "password" is the password entered in the input block 310 and "Hash( )" is the first hash function; applying the first hash function to the password and multiplying the result by the b value gives the P value. After computing the P value, the client host 120 transmits it to the server host 130, which generates an asymmetric private key and its corresponding public key, randomly chooses a k value, and takes the product of this k value and the P value as the V value. For example, if the k value is 100, the V value is computed as "V = 100 * P". The public key and the V value are then transmitted to the client host.
When the client host 120 receives the V value from the server host 130, it executes the second hash function on the password, the P value, and the product of the reciprocal of the b value and the received V value to generate an integer as its own share. For example, "share-pw = Hash'(pw, P, 8^-1 * V)", where "share-pw" is the share corresponding to the password (the password share), "Hash'()" is the other hash function (the second hash function), "pw" is the entered password, "P" is the P value, "8^-1" is the reciprocal of the b value, and "V" is the V value. In practice, the password can be encrypted with the public key provided by the server host 130 and stored off-site (for example on a cloud drive) as a backup.
Next, the client host 120 randomly chooses a polynomial (the first polynomial "f_user(x)") whose degree is the threshold of the threshold signature (the t value) minus 1. For example, if the threshold is 2, the degree of the first polynomial is 1, i.e. the first polynomial is linear. In addition, the polynomial value obtained by substituting the X coordinate into this first polynomial (the first polynomial value) must equal the password share; taking the X coordinate 3 as an example, the first polynomial satisfies "f_user(3) = share-pw". The server host 130 likewise randomly chooses a polynomial (the second polynomial "f_server(x)") whose degree is also the threshold minus 1 and which satisfies that the polynomial value obtained by substituting the X coordinate of the client host 120 into the second polynomial (the second polynomial value) is zero; again taking the X coordinate 3 as an example, this means "f_server(3) = 0".
Next, the client host 120 and the server host 130 each substitute their own X coordinate into their own polynomial (the third polynomial value), exchange their X coordinates through secure multi-party computation so that each can substitute the other's X coordinate into its own polynomial (the fourth polynomial value), and also substitute zero into their own polynomial (the fifth polynomial value), multiplying the fifth polynomial value by the base point "G" of the elliptic curve group to compute the exchange values ("f_user(0) * G" and "f_server(0) * G"); they also generate zero-knowledge proofs corresponding to the password share and the server share and exchange them. In this example, after the secure multi-party computation the client host 120 holds "f_user(3)" and "f_server(0) * G", and the server host 130 holds "f_user(5)", "f_server(5)" and "f_user(0) * G".
Once the client host 120 holds its third polynomial value and the exchange value, and the server host 130 holds its third polynomial value, the fourth polynomial value and the exchange value, the client host 120 sets the third polynomial value as the client share, the server host 130 adds its third polynomial value to the received fourth polynomial value to compute the corresponding server share, and the client host 120 and the server host 130 verify the zero-knowledge proofs and compute the public key corresponding to the shares (the threshold signature public key) from the exchange values and the Birkhoff coefficients. For example, the share computed by the client host 120 (the client share) is "f_user(3)"; the share computed by the server host 130 (the server share) is "f_user(5) + f_server(5)"; and the threshold signature public key is "b_user f_user(0) * G + b_server f_server(0) * G", where "b_user" and "b_server" are the Birkhoff coefficients.
At this point the server host 130 stores its share "s_server", the k value, the threshold signature public key, the private key used to decrypt the password, and all X coordinates and their corresponding level values, whereas the client host 120 need not store anything; in practice it may also send its password, encrypted with the public key, to the cloud as a backup. The server host 130 now holds a share corresponding to the password, namely the server share, and can jointly sign a transaction hash message whenever the client host 120 also holds the client share corresponding to the password.
When the client host 120 is to perform a threshold signature with the server host 130, the client host 120 displays the signing window 350, prompting the user to enter the previously set password in the input block 360. When the user enters the password and clicks the sign element 370, the client host 120 randomly chooses a new b value, for example 10. The client host then feeds the password entered in the input block 360 into the first hash function and multiplies the result by the newly chosen b value to regenerate the P value ("P = Hash(password) * 10"), and transmits the regenerated P value to the server host 130 so that the server host 130 can recompute the V value ("V = 100 * P") from the k value (assumed to be 100 in the example above) and the received P value. Then, in addition to transmitting the recomputed V value to the client host 120, the server host 130 may also transmit the stored X coordinate of the client host 120 (x_user) and the threshold signature public key to the client host 120.
When the client host 120 receives the recomputed V value from the server host 130, it feeds the password, the regenerated P value, the newly chosen b value and the V value recomputed by the server host 130 into the second hash function to regenerate its share (the client share). The client host 120 can then use the regenerated share, together with the share corresponding to this password stored on the server host 130 (the server share "s_server"), to execute secure multi-party computation and produce a threshold signature on the transaction hash message.
Refer to Fig. 4, a schematic diagram of applying the invention to changing the password on the client host, together with the corresponding client share and server share. In practice, the client host 120 and the server host 130 can execute a password-change function based on secure multi-party computation to replace an old password with a new one. For example, when the user wants to change the password, the client host 120 allows the old password and the new password to be entered in the password-change window 400, e.g. the old password in the input block 410 and the new password in the input block 420. After the user clicks the confirm element 430, the client host 120 randomly chooses two numbers, the b1 value and the b2 value. Assuming 10 and 8 are chosen, the client host 120 feeds the old password and the new password into the first hash function to compute the old P value ("P_old = Hash(password_old) * 10") and the new P value ("P_new = Hash(password_new) * 8"), and transmits the results to the server host 130.
The server host 130 then computes the old V value from the old k value "k_old" of the client host 120 (assumed to be 100 in the example above) and the old P value (V_old = 100 * P_old), and randomly generates a new k value "k_new" (assume 200) to compute the new V value from the new P value and the new k value (V_new = 200 * P_new). It then transmits the old V value, the new V value and the public key to the client host 120.
Next, after receiving the old and new V values, the client host 120 feeds the old password, the old P value, and the product of the reciprocal of the b1 value "10" and the old V value into the second hash function to compute the old share ("share-pw_old = Hash'(pw_old, P_old, 10^-1 * V_old)"), and feeds the new password, the new P value, and the product of the reciprocal of the b2 value "8" and the new V value into the second hash function to compute the new share ("share-pw_new = Hash'(pw_new, P_new, 8^-1 * V_new)").
Next, the client host 120 randomly chooses a polynomial of degree t-1, "f_user(x) = ((share-pw_new - b_user * share-pw_old) / 3) * (x - 3) + share-pw_new". Likewise, the server host 130 randomly chooses a polynomial of degree t-1, "f_server(x) = -((b_server * s_server) / 3) * (x - 3)", where "t" is the t value, also called the threshold. The client host 120 and the server host 130 then substitute the other party's X coordinate into their own polynomial (the fourth polynomial value) and substitute zero into their own polynomial (the fifth polynomial value), multiplying the fifth polynomial value by the base point "G" of the elliptic curve group to compute the corresponding exchange values ("f_user(0) * G" and "f_server(0) * G"). They exchange the computed fourth polynomial values and exchange values, and the client transmits the product of the share corresponding to the old password and the base point "G" ("share-pw_old * G") to the server host 130. The client generates zero-knowledge proofs for "share-pw_old" and "share-pw_new", and the server generates a zero-knowledge proof for "s_server", to ensure that both parties know their respective secrets "share-pw_old", "share-pw_new" and "s_server" (the standard Schnorr protocol can be used for this). In this example, after the secure multi-party computation the client host 120 holds "f_user(3)", "f_server(0) * G" and the two zero-knowledge proofs for "share-pw_old" and "share-pw_new"; the server host 130 holds "f_user(5)", "f_server(5)", "f_user(0) * G", "share-pw_old * G" and the zero-knowledge proof for "s_server".
Once the client host 120 and the server host 130 have obtained the above results, the client host 120 sets "f_user(3)" as the new share corresponding to the new password, i.e. the new client share "share-pw_new"; the server host 130 adds "f_user(5)" and "f_server(5)" to compute its new share, i.e. the new server share "s_server-new". At the same time, the client host 120 and the server host 130 compute the new threshold signature public key as "b_user f_user(0) * G + b_server f_server(0) * G", where "b_user" and "b_server" are the Birkhoff coefficients of the client host 120 and the server host 130 respectively. The threshold signature public key can be verified by comparing the value of "b1 * share-pw_old * G + b2 * s_server * G" with the value of "b1 * share-pw_new * G + b2 * s_server-new * G", where "b1" and "b2" are the corresponding computable Birkhoff coefficients, and by each party verifying the zero-knowledge proof it received. Thus, as long as nobody knows both shares of the client host 120 and the server host 130 at the same time, changing the password invalidates every previously held single share.
In other words, the change-password function that the client host 120 and the server host 130 are allowed to execute based on secure multi-party computation may comprise the following steps:
1. The client host 120 prompts for the password and the new password, randomly selects a b1 value and a b2 value, feeds the password into the first hash function and multiplies the result by the b1 value to compute the old P value, feeds the new password into the first hash function and multiplies the result by the b2 value to compute the new P value, and transmits the old P value and the new P value to the server host 130.
2. The server host 130 multiplies the k value by the old P value to compute the old V value, multiplies a randomly generated new k value by the new P value to compute the new V value, and transmits the old V value, the new V value and the public key to the client host 120.
3. The client host 120 feeds the password, the old P value, and the product of the inverse of the b1 value and the old V value into the second hash function to compute the old password sharing unit, and feeds the new password, the new P value, and the product of the inverse of the b2 value and the new V value into the second hash function to compute the new password sharing unit.
4. The client host 120 and the server host 130 feed the old password sharing unit, the new password sharing unit, the t value and n value of the threshold signature, and their respective level values into the distributed key generation function to generate the client new sharing unit of the client host 120 and the server new sharing unit of the server host 130, replace the original server sharing unit with the server new sharing unit, and generate the new threshold signature public key corresponding to the client new sharing unit and the server new sharing unit.
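As an added example (not code from the patent), the change-password procedure above carried through in Python over a prime field: the blinded share derivation of steps 1 to 3, the resharing polynomials f_user and f_server with the client at X = 3 and the server at X = 5, and the check that the recombined secret (and hence the threshold signature public key) is unchanged. Assumptions of this example: SHA-256 for both hash functions, level values of 0 so the Birkhoff coefficients reduce to Lagrange coefficients, and a second hash over the password and the unblinded value only (the page also lists the P value as an input; since P depends on the per-session b value, hashing it would make each re-derivation produce a different share).

```python
import hashlib

# Assumption of this example: the page names no curve, so scalars live in the
# secp256k1 group order; "x * G" is only checked linearly, so scalars suffice.
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
X_CLIENT, X_SERVER = 3, 5  # X coordinates from the page's worked example

def h1(password: str) -> int:
    """First hash function: password -> scalar (assumed SHA-256 mod Q)."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % Q

def h2(password: str, unblinded: int) -> int:
    """Second hash function (assumed SHA-256 mod Q) over the password and b^-1*V = k*H1(pw);
    the per-session P value is left out so every re-derivation yields the same share."""
    data = password.encode() + unblinded.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def password_share(password: str, b: int, k: int) -> int:
    """Blinded round trip: P = H1(pw)*b (client -> server), V = k*P (server -> client),
    then the client unblinds with b^-1 and hashes the result into its share."""
    p = h1(password) * b % Q
    v = k * p % Q
    return h2(password, pow(b, -1, Q) * v % Q)

def lagrange_at_zero(xs):
    """Recombination coefficients (the page's b_user / b_server Birkhoff coefficients,
    assuming both level values are 0 so they reduce to Lagrange coefficients at x=0)."""
    coeffs = []
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num, den = num * (-xj) % Q, den * (xi - xj) % Q
        coeffs.append(num * pow(den, -1, Q) % Q)
    return coeffs

def change_password(share_old: int, share_new: int, s_server: int):
    """Resharing from the page: the client's new share is pinned to share_new, the
    server's new share is f_user(5) + f_server(5); the combined secret is unchanged."""
    b_user, b_server = lagrange_at_zero([X_CLIENT, X_SERVER])
    inv3 = pow(X_CLIENT, -1, Q)
    a_user = (share_new - b_user * share_old) * inv3 % Q    # f_user(x) = a_user*(x-3) + share_new
    a_server = -(b_server * s_server) * inv3 % Q            # f_server(x) = a_server*(x-3)
    f_user = lambda x: (a_user * (x - X_CLIENT) + share_new) % Q
    f_server = lambda x: a_server * (x - X_CLIENT) % Q
    return f_user(X_CLIENT), (f_user(X_SERVER) + f_server(X_SERVER)) % Q

def recombine(share_client: int, share_server: int) -> int:
    """The page's b1*share-pw + b2*s_server (multiplied by G it would be the public key)."""
    b_user, b_server = lagrange_at_zero([X_CLIENT, X_SERVER])
    return (b_user * share_client + b_server * share_server) % Q
```

The last assertion a practitioner would want is the one in the page's text: an old sharing unit alone recombines to nothing useful with the server's new sharing unit, while the old pair and the new pair recombine to the same secret.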
In summary, the difference between the present invention and the prior art is that a fair host assigns an X coordinate and a level value to the client host and the server host, and after the client host sets a password, the client host and the server host are allowed to execute a distributed key generation function based on secure multi-party computation, generating from the password, the X coordinate and the level value a sharing unit corresponding to the password, which is stored on the server host. When a threshold signature is executed, entering the password on the client host is sufficient to regenerate on the client host the sharing unit corresponding to the password, which then executes the threshold signature jointly with the sharing unit stored on the server host. This technical means solves the problems of the prior art and thereby achieves the technical effect of improving the transaction security and management convenience of a blockchain wallet without generating a private key.
Although the present invention is disclosed above by the foregoing embodiments, they are not intended to limit the present invention. Anyone skilled in the relevant art may make minor changes and refinements without departing from the spirit and scope of the present invention; the scope of patent protection of the present invention shall therefore be determined by the claims attached to this specification.
100: Blockchain network
110: Fair host
120: Client host
121: First generation module
122: Second generation module
123: First computation module
130: Server host
131: Key module
132: Second computation module
133: Storage module
300: Generation window
310: Input block
320: Generate sharing unit button
350: Signature window
360: Input block
370: Signature element
400: Change-password window
410, 420: Input blocks
430: Confirm element
Step 211: Provide a fair host, a client host and a server host as nodes of a blockchain network, where the client host and the server host are each pre-assigned a corresponding X coordinate and level value by the fair host.
Step 212: The client host allows a password to be entered and randomly selects a b value, multiplies the value computed by feeding the password into a first hash function by the b value to generate a P value, and transmits the P value to the server host.
Step 213: After receiving the P value, the server host generates an asymmetric private key and its corresponding public key, randomly selects a k value, takes the product of the k value and the P value as a V value, and transmits the public key and the V value to the client host.
Step 214: After receiving the V value, the client host feeds the password, the P value, and the product of the inverse of the b value and the V value into a second hash function, and takes the resulting integer value as a password sharing unit held by the client host and corresponding to the password.
Step 215: The client host and the server host execute a distributed key generation function by secure multi-party computation (MPC), feeding a t value and an n value of the threshold signature and their respective level values into the distributed key generation function to generate a client sharing unit of the client host and a server sharing unit of the server host, where the client sharing unit equals the password sharing unit, and generating a threshold signature public key corresponding to the client sharing unit and the server sharing unit.
Step 216: The server host stores the server sharing unit, the k value, the threshold signature public key, the private key, and the X coordinates and level values of the server host and the client host.
Step 217: When a threshold signature is executed, the client host prompts for the password and re-selects the b value at random, multiplies the value computed by feeding the entered password into the first hash function by the re-selected b value to regenerate the P value, and transmits the regenerated P value to the server host, which recomputes the V value and transmits it to the client host; the client host then feeds the password, the regenerated P value, and the product of the inverse of the re-selected b value and the recomputed V value into the second hash function to regenerate the client sharing unit of the client host, and a threshold signature is performed on a transaction hash message using the client sharing unit regenerated by the client host and the server sharing unit stored by the server host.
Fig. 1 is a system block diagram of the threshold signature system based on an input password of the present invention. Figs. 2A and 2B are flow charts of the threshold signature method based on an input password of the present invention. Fig. 3 is a schematic diagram of applying the present invention to setting a password and entering the password for signing on the client host. Fig. 4 is a schematic diagram of applying the present invention to changing the password on the client host and the corresponding client sharing unit and server sharing unit.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110109070A TWI759138B (en) | 2021-03-15 | 2021-03-15 | Threshold signature scheme system based on inputting password and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI759138B true TWI759138B (en) | 2022-03-21 |
TW202239173A TW202239173A (en) | 2022-10-01 |
Family
ID=81710883
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI759138B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI795284B (en) * | 2022-05-05 | 2023-03-01 | 英屬開曼群島商現代財富控股有限公司 | Threshold signature generation system based on garbled circuit and method thereof |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017127238A1 (en) * | 2016-01-20 | 2017-07-27 | Mastercard International Incorporated | Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography |
TW201946412A (en) * | 2018-03-02 | 2019-12-01 | 安地卡及巴布達商區塊鏈控股有限公司 | Computer implemented method and system for transferring control of a digital asset |
Non-Patent Citations (1)
Title |
---|
Adriano Di Luzio, et al., "Arcula: A Secure Hierarchical Deterministic Wallet for Multi-asset Blockchains", Stevens Institute of Technology, USA, 2019-12-12. * |